Best practice for verifying a GitLab user?

The user can enter his/her GitLab username (and additional fields if needed) in a UI.

What is the best practice to verify that the user is valid and that the user is the real owner of the entered account over the GitLab API?

This should also support external login methods (GitHub, …).


The best practice is using a GPG key or SSH key to ensure that we have a verified status